DNS - Did We Get It Right?
castaldo at nwlink.com
Tue Mar 28 15:39:39 UTC 2000
> I was just curious to know if anyone has bothered to tackle the global
> naming problem head on from a renaissance perspective.
Renaiaance perspective, ey? Why yes, my portrait of DNS
in a shiny suit of armor with BIND polishing his shoes like
a good squire will be released in museums shortly. ;)
Just kidding. I don't know that anyone really thinks of
DNS on a global scale anymore, which is the strongest
indication that we did, in fact, do it right.
> It seems that most technologies that support the Internet seem to
> evolve in a mushy, chaotic, patchy, duct tape sort of fashion (which
> certainly adds to the glamour of it), but as far as I know, no one has
> ever taking the time to ask the simple question:
> "Hey, did we do this thing DNS right?"
> While wading through gobs and gobs of DNS nasties on Windows and Unix,
> I find myself silently asking this question over and over.
Understandable. q=) I bet you find yourself looking at it
with the same overwhelmed fashion that a kid looks at
a pile of 200 billion legos. It's not that there's anything
intrinsically "wrong" with the legos - it's just that the kid,
when stopping a moment to look at the big picture, realizes
exactly how flexible the material is and how much power
s/he has to build whatever comes to mind.
DNS is the perfect model of a decentralized government.
We have our "central" Government of those 13 computers
that tell everyone where to route, but they are only
involved with queries in which there is not already an
entry on the name server you start with. That allows the
ultimate authority to travel down the line to the most local
name server involved in your online experience - usually
your ISP's name server, but you can always take things
down a notch further and run your own.
> We all know that the domain of viable software is much wider than the
> domain of well-designed viable software, and I was just curious if
> there is anyone else out there who is wondering whether we got the
> whole DNS thing right the fist time around.
> If so, then why so much effort to "fix" it?
Because despite the fact that it was designed to be
decentralized, despite the fact that I hypothetically /can/
make a microsoft.com zone file and have everyone who
uses my name server and types in microsoft.com re-routed
to wherever I choose, the fact remains that the everyday people using the
Internet through my name server are going to expect a certain degree of
uniformity to the way things run. That means that, the majority of the time,
I'm going to
need to get my name server to conform to the established
standards of how to find something it doesn't control. Much
more importantly, it's going to need to conform to the
established standards of how to tell someone else to find a
domain that it /does/ control.
> If not, what could be better if we had a second chance?
Nothing. The way it stands now, I may have daily headaches
getting domain files to work properly, but I can live
comfortably with the knowledge that if some other whacko
creates a zone file to block people from going to Domain X, they can just
re-route to my name server. True censorship on the net has become
impossible - it would require every
single person running a name server to uniformly block
resolution on a domain. To re-design DNS any other way would allow less
people... people with agendas... to have
more control then they do now. No way.
More information about the bind-users